shibboleth-dev - Re: [Shib-Dev] cookie lifetime for login context
Subject: Shibboleth Developers
List archive
- From: Paul Hethmon <>
- To: Shibboleth Dev <>
- Subject: Re: [Shib-Dev] cookie lifetime for login context
- Date: Fri, 31 Jul 2009 12:14:53 -0400
On 7/31/09 12:09 PM, "Scott Cantor"
<>
wrote:
>> I've actually created a test web app which mimics the behavior of the
>> cookies being set in Shib, but of course IE works with it. So I'm just
>> looking for straws at this point.
>
> That seems like a pretty likely straw to me. Cookie handling varies between
> session and persistent cookies.
That was my thought also. My test app sets a persistent cookie that gets set
with a different value on each access, so mimicking the login context
cookie. The test app works though.
I'm going to compile a new Shib build and make that a session cookie and see
what happens. I can't think of a reason it needs to be a persistent cookie
at this point.
-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----
God does not play dice with the universe; He plays an ineffable game of his
own devising, which might be compared, from the perspective of any of the
other players, to being involved in an obscure and complex version of poker
in a pitch dark room, with blank cards, for infinite stakes, with a dealer
who won't tell you the rules, and who smiles all the time.
-- Terry Pratchett, Good Omens
- cookie lifetime for login context, Paul Hethmon, 07/31/2009
- RE: [Shib-Dev] cookie lifetime for login context, Scott Cantor, 07/31/2009
- Re: [Shib-Dev] cookie lifetime for login context, Paul Hethmon, 07/31/2009
- RE: [Shib-Dev] cookie lifetime for login context, Scott Cantor, 07/31/2009
Archive powered by MHonArc 2.6.16.